Most of the topics covered on this site deal with Ethical Hacking topics, but a solid grasp of general security is a must. This board covers those more general credentials from CompTIA, ISC2, SANS, etc.

My boss has mentioned that we have some funds available for training and since I'm the most security minded one of our group asked if I'd be interested in some more training in that area. He has taken some SANS classes in the past and said I should look into it. I received the E-mail for the Security 401 course and while it looks good, I'm worried it might be a bit too broad or I'd go in already knowing a lot of if not most of the stuff in the course.

If anyone has taken these types of courses, how in depth do they go into these concepts? Is there much or any hands on? If anyone has any recommendations on other courses to look at, I'd love to hear that as well.

I received the E-mail for the Security 401 course and while it looks good, I'm worried it might be a bit too broad or I'd go in already knowing a lot of if not most of the stuff in the course.

Define "that area." 401 is not necessarily an "intro" course as in "Hey here is security for dummies." 401 is meant to introduce its students into a wide variety of areas they may not have been exposed to in the security arena.

That's enough to fill a lot of space; however, you stated that it may be too broad or you'd know much of it. With that said, let's assume you're fluid in all of the listed. Pick your poison. What is your objective? Do you want to defend, do you want to "offend", do you want to be a web application specialist, do you want to dig into forensics, etc., etc., etc. This is a question only you can answer as only you are aware of your capabilities. What I would advise is to begin by picking a poison (red pill/blue pill) and go from there.

What does your typical day consist of? E.g., it would make no sense for you to take content on Linux if professionally your goal is to stay in a Windows world. Much like myself, I semi-halted CCIE studies because I primarily use Juniper now. Makes little sense for me to waste time. So... What is it you do during the average course of a week? Protect, compromise, response, forensics. Baseline a few of these topics and make a choice.

Because of your signature, I interpret there is a lot of Windows. Perhaps the GWCN would be suitable:

By "that area", he was talking generically about Security. Unfortunately the role hasn't really been defined since no one in management around here takes security seriously in the least and when I point things out I am normally told to stop being so paranoid or an alarmist or asked why I like to try to make things difficult for everyone. (I was told this most recently when they told me to make it so our wireless was open [and by open I mean no security at all] so people could use their iPads and I pushed back.) Since our company has recently had a big push towards taking our business to the web, that has changed a bit.

I guess my first impressions I got from looking at the course got me thinking it was for someone with no security or networking knowledge at all. I think seeing "Network Concepts" being listed as the first thing scared me off a bit.

My current job role here is fairly widespread. I do a lot of Windows networking \ AD, VMware, Cisco Routers, Switches, ASA. The only thing around here I don't touch at all is the SAN. I don't have an official job role with security, but it's been a small side role for me since I got here.

In this case, I would go strictly with the 401 course which will open your knowledge base to more than just the technological side. I implore you to go back to SANS' website and look at the day to day modules associated with the course. As for the content and speakers, it is always top notch.

Hey VashTS, You pretty much run into one of the most common themes in IT Security today. Mgmt doesn't care or is ignorant of the security threatscape. That ends up going back on us as security minded individuals to show them the risk in terms they understand. Business terms, lame PowerPoints, green and red metrics .... but I digress. So I would recommend taking something like GCIA or GCIH that would enable you to find active threats in your computing environment. That is something you can leverage right away and show them the threat in action. In my experience most of the courses showing you how to securely configure Win/Nix/IOS are an expensive way to learn what is already freely available online. Also, I make a habit of bookmarking and/or printing to PDF all the big corporate hacks to highlight the real risk. Even though they may ignore you and write off your security concerns, they usually will pay attention to a NYTimes article showing a company had their email posted to WikiLeaks and ended up losing massive amounts of shareholder value.

SANS Sec 401 is a VERY good course, and as Sil pointed out no matter who is teaching it, you can be assured they are top notch.

I took the course as a "facilitator" with Dr. Eric Cole (the curriculum lead) about two years ago, and although I already had two other SANS courses under my belt and a couple other security certs, I learned a lot! There were days (day 6 for me) where I really didn't get any new information, but that is more the exception than the rule.

By all means, though, if there is another course that better lines up with your career direction/goals, go for it. That was how I got introduced to SANS. My first course was SEC 506 since I was a Unix/Linux Systems/Security Administrator at the time.

Here's Dr. Cole describing what the course is about and what you will get out of it:

Thanks to everyone for the replies. I have put in two requests for training this year. One for the SANS 401 and another for ASA. I'm doubting I'll get approved for both so I'll be forced to pick just one. I think at this point with all of this feedback, I'll end up going with the SANS course. Thanks!